Hi,
On a page I’m building I have several lists built by pulling in the data from a mysql db. These lists are practically all the same, only the table names really change.
Basically rather than having the same blocks of code replicated everywhere I’ve put together a function to cut down on my code. Several parameters can be passed into the function to specify the fields I want to pull in, whether the results are sorted and any limit I may want to put in place. Does this look safe?
[code=php]function buildBlockList($all, $tableName, $sort, $limit = "") {
    // Build the query from the requested fields, table, sort clause and limit clause
    $sql = sprintf("SELECT
        %s
        FROM
        %s
        %s
        %s",
        mysql_real_escape_string($all),
        mysql_real_escape_string($tableName),
        mysql_real_escape_string($sort),
        mysql_real_escape_string($limit));
    $result = mysql_query($sql);
    if (!$result) {
        echo "Error retrieving list data";
        return; // nothing to fetch when the query failed
    }
    // Collect the link titles and URLs from the result set
    $resultBlockListlink_int_title = array();
    $resultBlockListlink_int = array();
    while ($resultBlockList = mysql_fetch_array($result)) {
        $resultBlockListlink_int_title[] = $resultBlockList['link_int_title'];
        $resultBlockListlink_int[] = $resultBlockList['link_int'];
    }
    $BlockListlink_int_titleSize = count($resultBlockListlink_int_title);
    // Output one list item per row
    for ($j = 0; $j < $BlockListlink_int_titleSize; ++$j) {
        echo '<li><a href="'.$resultBlockListlink_int[$j].'">'.$resultBlockListlink_int_title[$j].'</a></li>';
    }
}
[/code]
Here's an example calling the function:
[code=php]buildBlockList("link_int_title, link_int", "betting_exchange", "ORDER BY click_count DESC", "LIMIT 0, 5");
[/code]
Thanks for any input!
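
An added example, not part of the original post: `mysql_real_escape_string()` only escapes data for use inside quoted string literals, while the function above places its arguments outside quotes as column names, a table name and whole clauses, so one way to constrain those parts is to check them against a fixed allow-list. The table and column names come from the post's example call; `BLOCK_LIST_TABLES`, `buildBlockListQuery()`, `renderBlockList()`, the 100-row cap and the use of PDO are assumptions.

```php
<?php
// Constructed allow-list (assumption): table and columns taken from the post's example call.
const BLOCK_LIST_TABLES = [
    'betting_exchange' => ['link_int_title', 'link_int', 'click_count'],
];

// Returns SQL assembled only from allow-listed identifiers and an integer limit.
function buildBlockListQuery(array $columns, string $table, ?string $sortColumn = null,
                             string $direction = 'ASC', ?int $limit = null): string
{
    if (!array_key_exists($table, BLOCK_LIST_TABLES)) {
        throw new InvalidArgumentException('Unknown table');
    }
    $allowed = BLOCK_LIST_TABLES[$table];
    if ($columns === [] || array_diff($columns, $allowed) !== []) {
        throw new InvalidArgumentException('Unknown or missing column');
    }
    // Identifiers are safe to interpolate here because each one matched the allow-list.
    $sql = 'SELECT `' . implode('`, `', $columns) . '` FROM `' . $table . '`';
    if ($sortColumn !== null) {
        if (!in_array($sortColumn, $allowed, true)) {
            throw new InvalidArgumentException('Unknown sort column');
        }
        // The direction is reduced to one of two fixed keywords, never copied from input.
        $sql .= ' ORDER BY `' . $sortColumn . '` '
              . (strtoupper($direction) === 'DESC' ? 'DESC' : 'ASC');
    }
    if ($limit !== null) {
        // The int type forces a number; the 1..100 range is a hypothetical cap.
        $sql .= ' LIMIT ' . max(1, min($limit, 100));
    }
    return $sql;
}

// Runs the query and HTML-encodes each value before it is placed in the markup.
function renderBlockList(PDO $pdo, string $sql): string
{
    $html = '';
    foreach ($pdo->query($sql) as $row) {
        $html .= '<li><a href="' . htmlspecialchars($row['link_int'], ENT_QUOTES, 'UTF-8') . '">'
               . htmlspecialchars($row['link_int_title'], ENT_QUOTES, 'UTF-8') . '</a></li>';
    }
    return $html;
}

// Equivalent of the call shown in the post ($pdo is an existing PDO connection):
// $sql = buildBlockListQuery(['link_int_title', 'link_int'], 'betting_exchange', 'click_count', 'DESC', 5);
// echo renderBlockList($pdo, $sql);
```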